Box: Frequently Asked Questions about Box
What is Box Secure Storage?
Box is a secure, cloud-based tool for storing and sharing sensitive data. The University of Minnesota’s Box instance is specifically configured to comply with requirements for storing electronic Protected Health Information (ePHI), which is protected under HIPAA.
Who is eligible for a Box Secure Storage account?
Any current University of Minnesota faculty, staff, or student.
NOTE: Box requires Enterprise access, so UMN Sponsored Accounts must complete and submit the Access Request Form (ARF) z.umn.edu/accessrequestform/for DUO access (under Additional Resources, Duo - for Enterprise Access). Sponsored Accounts are often used for AHC contractors.
What kinds of data can I store on Box Secure Storage?
Most sensitive research data can be stored in Box, including ePHI/HIPAA data, identified human subjects data, and data classified as private-highly restricted.
While UMN policy doesn’t allow most kinds of restricted or sensitive data in the cloud, UMN’s contract with Box is through Internet2, and was borne out of rigorous evaluations from several Universities to produce a version of Box specifically tailored for the security and regulatory requirements of academic research. UMN has further customized our instance of Box to meet security standards for HIPAA and the UMN’s policies for storing high security data.
Is health data allowed to be stored on Box?
Yes, the University has signed an agreement allowing our users to store Protected Health Information (PHI) on Box at UMN. Ensure you are taking actions that keep your data safe while using health information in Box.
How does Box protect my data?
Box provides a variety of security measures and customizable options for data security:
- Encryption: Data are encrypted at rest on Box’s servers and in transit over the network
- Logging: Box provides default logging and reporting of permissions and file access. You can customize logging and email notifications for individual project folders.
- Permissions: You can add internal and external collaborators to folders with various levels of access, from view only to full edit rights.
- Authentication via DUO: To ensure secure access to data, two-factor authentication using DUO is required to log into Box Secure Storage. You can set up preferences for two-factor login with DUO.
- Restricted links: Links to files and folders are protected and provide shared access only to people who are added as collaborators on those folders.
- Secure Access: You can access files through the Box web interface or via the Box Drive or Box Sync application. To ensure sensitive data are not synced to potentially insecure computers, Box Drive and Box Sync are set up to check security settings on devices before it will install. Requirements:
- Full disk encryption must be turned on
- Firewall must be turned on
- An antivirus software must be installed
How do I sign up for a Box account?
NOTE: Box requires Enterprise access, so UMN Sponsored Accounts must complete and submit the Access Request Form (ARF) z.umn.edu/accessrequestform/.
How much storage space will I get with Box Secure Storage?
Each user has an unlimited amount of storage space available. However, individual files must be less than 15 Gb each.
How does Box compare to other places I store my data?
Box provides a storage and sharing service that meets a higher level of security than existing storage tools. Please review the page When Should I Use Box? for further details.
What password do I use with my Box Secure Storage account?
Box at UMN is secured by Shibboleth, so each person will use their UMN internet ID and password. You will also need to activate your DUO two-factor authentication and use DUO as the second factor to login after you enter your credentials.
What kinds of file types can I store on Box Secure Storage?
Box can be used to store and share almost any kind of file, as long as individual files are less than 15 Gb in size. You can edit many files directly and securely in Box through the seamless integration with Microsoft Office Online, or edit using applications on your local computer with Box Edit. Learn more about ways to edit data in Box.
Can I collaborate with people outside of UMN using Box?
Yes, they will need a Box account from their university, business or they can obtain a free Box account at box.com. Security settings will follow the owner of the data, so ensure all sensitive data are stored in a folder owned by a UMN account.
I accidentally deleted a file from my Box account. How can I recover it?
Any file that you delete is kept in your “Trash” for 60 days. Learn how to recover deleted files from your trash.
I am listed as an Editor in a shared folder. What does that give me rights to do with files?
There are seven different permission levels that can be assigned to a collaborator; learn more about rights for each permission level in Box.